From afe36b58bb77012f94b19213ed9602c2eb9fd420 Mon Sep 17 00:00:00 2001
From: Niclas Eklund <nick@erlang.org>
Date: Tue, 19 Apr 2011 13:35:29 +0200
Subject: Renamed the function strong_rand_uniform to strong_rand_mpint. Added
 some checks in crypto.erl and crypto.c. Changed ssh_bits to use
 strong_rand_mpint.

---
 lib/crypto/c_src/crypto.c        | 25 +++++++++++++------------
 lib/crypto/doc/src/crypto.xml    |  8 ++++++--
 lib/crypto/doc/src/notes.xml     | 17 ++++++++++++++++-
 lib/crypto/src/crypto.erl        | 20 ++++++++++++++------
 lib/crypto/test/crypto_SUITE.erl | 38 +++++++++++++++++++-------------------
 lib/crypto/vsn.mk                |  2 +-
 lib/ssh/src/ssh_bits.erl         |  2 +-
 7 files changed, 70 insertions(+), 42 deletions(-)

(limited to 'lib')

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index d4139f0dfa..3ebf62d87c 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -136,7 +136,7 @@ static ERL_NIF_TERM aes_ctr_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM
 static ERL_NIF_TERM rand_bytes_1(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM strong_rand_bytes_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM strong_rand_uniform_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM strong_rand_mpint_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM mod_exp_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -208,7 +208,7 @@ static ErlNifFunc nif_funcs[] = {
     {"rand_bytes", 1, rand_bytes_1},
     {"strong_rand_bytes_nif", 1, strong_rand_bytes_nif},
     {"rand_bytes", 3, rand_bytes_3},
-    {"strong_rand_uniform", 3, strong_rand_uniform_3},
+    {"strong_rand_mpint_nif", 3, strong_rand_mpint_nif},
     {"rand_uniform_nif", 2, rand_uniform_nif},
     {"mod_exp_nif", 3, mod_exp_nif},
     {"dss_verify", 4, dss_verify},
@@ -744,7 +744,7 @@ static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
     }
     return ret;
 }
-static ERL_NIF_TERM strong_rand_uniform_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+static ERL_NIF_TERM strong_rand_mpint_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Bytes, TopMask, BottomMask) */    
     unsigned bits;
     BIGNUM *bn_rand;
@@ -770,16 +770,17 @@ static ERL_NIF_TERM strong_rand_uniform_3(ErlNifEnv* env, int argc, const ERL_NI
     }
 
     /* Get a (bits) bit random number */
-    if (! BN_rand(bn_rand, bits, top, bottom) ) {
-        return enif_make_badarg(env);
+    if (!BN_rand(bn_rand, bits, top, bottom)) {
+        ret = atom_false;
+    }
+    else {
+	/* Copy the bignum into an erlang mpint binary. */
+	dlen = BN_num_bytes(bn_rand);
+	data = enif_make_new_binary(env, dlen+4, &ret);
+	put_int32(data, dlen);
+	BN_bn2bin(bn_rand, data+4);
+	ERL_VALGRIND_MAKE_MEM_DEFINED(data+4, dlen);
     }
-
-    /* Copy the bignum into an erlang mpint binary. */
-    dlen = BN_num_bytes(bn_rand);
-    data = enif_make_new_binary(env, dlen+4, &ret);
-    put_int32(data, dlen);
-    BN_bn2bin(bn_rand, data+4);
-    ERL_VALGRIND_MAKE_MEM_DEFINED(data+4, dlen);
     BN_free(bn_rand);
 
     return ret;
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 087e9ac00c..dd40378f29 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1999</year><year>2010</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -625,6 +625,8 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
         result in a binary. Uses a cryptographically secure prng seeded and
         periodically mixed with operating system provided entropy. By default
         this is the <c>RAND_bytes</c> method from OpenSSL.</p>
+	<p>May throw exception <c>low_entropy</c> in case the random generator
+	failed due to lack of secure "randomness".</p>
       </desc>
     </func>
     <func>
@@ -642,7 +644,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
       </desc>
     </func>
     <func>
-      <name>strong_rand_uniform(N, Top, Bottom) -> Mpint</name>
+      <name>strong_rand_mpint(N, Top, Bottom) -> Mpint</name>
       <fsummary>Generate an N bit random number</fsummary>
       <type>
         <v>N = non_neg_integer()</v>
@@ -662,6 +664,8 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
         N bits long.</p>
         <p>If <c>Bottom</c> is 1, then the generated number is
         constrained to be odd.</p>
+	<p>May throw exception <c>low_entropy</c> in case the random generator
+	failed due to lack of secure "randomness".</p>
       </desc>
     </func>
     <func>
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml
index 5e9bda3920..ab1ffa9e5c 100644
--- a/lib/crypto/doc/src/notes.xml
+++ b/lib/crypto/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1999</year><year>2010</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,6 +30,21 @@
   </header>
   <p>This document describes the changes made to the Crypto application.</p>
 
+<section><title>Crypto 2.0.2.2</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Strengthened random number generation. (Thanks to Geoff Cant)</p>
+          <p>
+	    Own Id: OTP-9225</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Crypto 2.0.2.1</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 99b683fce2..cc7b3acc9c 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -46,7 +46,7 @@
 -export([rsa_private_encrypt/3, rsa_public_decrypt/3]).
 -export([dh_generate_key/1, dh_generate_key/2, dh_compute_key/3]).
 -export([rand_bytes/1, rand_bytes/3, rand_uniform/2]).
--export([strong_rand_bytes/1, strong_rand_uniform/3]).
+-export([strong_rand_bytes/1, strong_rand_mpint/3]).
 -export([mod_exp/3, mpint/1, erlint/1]).
 %% -export([idea_cbc_encrypt/3, idea_cbc_decrypt/3]).
 -export([aes_cbc_128_encrypt/3, aes_cbc_128_decrypt/3]).
@@ -70,7 +70,7 @@
 		    aes_cfb_128_encrypt, aes_cfb_128_decrypt,
 		    rand_bytes,
 		    strong_rand_bytes,
-		    strong_rand_uniform,
+		    strong_rand_mpint,
 		    rand_uniform,
 		    mod_exp,
 		    dss_verify,dss_sign,
@@ -367,11 +367,12 @@ aes_cfb_128_crypt(_Key, _IVec, _Data, _IsEncrypt) -> ?nif_stub.
 -spec strong_rand_bytes(non_neg_integer()) -> binary().
 -spec rand_uniform(crypto_integer(), crypto_integer()) ->
 			  crypto_integer().
--spec strong_rand_uniform(Bits::non_neg_integer(),
-                          Top::-1..1,
-                          Bottom::0..1) -> binary().
+-spec strong_rand_mpint(Bits::non_neg_integer(),
+			Top::-1..1,
+			Bottom::0..1) -> binary().
 
 rand_bytes(_Bytes) -> ?nif_stub.
+
 strong_rand_bytes(Bytes) ->
     case strong_rand_bytes_nif(Bytes) of
         false -> erlang:error(low_entropy);
@@ -380,7 +381,14 @@ strong_rand_bytes(Bytes) ->
 strong_rand_bytes_nif(_Bytes) -> ?nif_stub.
 
 rand_bytes(_Bytes, _Topmask, _Bottommask) -> ?nif_stub.
-strong_rand_uniform(_Bytes, _Topmask, _Bottommask) -> ?nif_stub.
+
+strong_rand_mpint(Bits, Top, Bottom) -> 
+    case strong_rand_mpint_nif(Bits,Top,Bottom) of
+        false -> erlang:error(low_entropy);
+        Bin -> Bin
+    end.
+strong_rand_mpint_nif(_Bits, _Top, _Bottom) -> ?nif_stub.
+
 
 rand_uniform(From,To) when is_binary(From), is_binary(To) ->
     case rand_uniform_nif(From,To) of
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 1946d01489..854a8b4485 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -46,7 +46,7 @@
 	 aes_ctr/1,
 	 mod_exp_test/1,
 	 rand_uniform_test/1,
-	 strong_rand_uniform_test/1,
+	 strong_rand_test/1,
 	 rsa_verify_test/1,
 	 dsa_verify_test/1,
 	 rsa_sign_test/1,
@@ -70,7 +70,7 @@ all() ->
      %% sha256, sha256_update, sha512,sha512_update,
      des_cbc, aes_cfb, aes_cbc,
      aes_cbc_iter, aes_ctr, des_cbc_iter, des_ecb,
-     rand_uniform_test, strong_rand_uniform_test,
+     rand_uniform_test, strong_rand_test,
      rsa_verify_test, dsa_verify_test, rsa_sign_test,
      dsa_sign_test, rsa_encrypt_decrypt, dh, exor_test,
      rc4_test, rc4_stream_test, mod_exp_test, blowfish_cfb64,
@@ -712,26 +712,26 @@ rand_uniform_aux_test(N) ->
 
 %%
 %%
-strong_rand_uniform_test(doc) ->
-    "strong_rand_uniform and strong_random_bytes testing";
-strong_rand_uniform_test(suite) ->
+strong_rand_test(doc) ->
+    "strong_rand_mpint and strong_random_bytes testing";
+strong_rand_test(suite) ->
     [];
-strong_rand_uniform_test(Config) when is_list(Config) ->
-    strong_rand_uniform_aux_test(180),
+strong_rand_test(Config) when is_list(Config) ->
+    strong_rand_aux_test(180),
     ?line 10 = byte_size(crypto:strong_rand_bytes(10)).
 
-strong_rand_uniform_aux_test(0) ->
-    ?line t(crypto:strong_rand_uniform(0,0,0) =:= <<0,0,0,0>>),
+strong_rand_aux_test(0) ->
+    ?line t(crypto:strong_rand_mpint(0,0,0) =:= <<0,0,0,0>>),
     ok;
-strong_rand_uniform_aux_test(1) ->
-    ?line t(crypto:erlint(crypto:strong_rand_uniform(1,0,1)) =:= 1),
-    ?line rand_uniform_aux_test(0);
-strong_rand_uniform_aux_test(N) ->
-    ?line t(sru_length(crypto:strong_rand_uniform(N,-1,0)) =< N),
-    ?line t(sru_length(crypto:strong_rand_uniform(N,0,0)) =:= N),
-    ?line t(crypto:erlint(crypto:strong_rand_uniform(N,0,1)) band 1 =:= 1),
-    ?line t(crypto:erlint(crypto:strong_rand_uniform(N,1,0)) bsr (N - 2) =:= 2#11),
-    ?line rand_uniform_aux_test(N-1).
+strong_rand_aux_test(1) ->
+    ?line t(crypto:erlint(crypto:strong_rand_mpint(1,0,1)) =:= 1),
+    ?line strong_rand_aux_test(0);
+strong_rand_aux_test(N) ->
+    ?line t(sru_length(crypto:strong_rand_mpint(N,-1,0)) =< N),
+    ?line t(sru_length(crypto:strong_rand_mpint(N,0,0)) =:= N),
+    ?line t(crypto:erlint(crypto:strong_rand_mpint(N,0,1)) band 1 =:= 1),
+    ?line t(crypto:erlint(crypto:strong_rand_mpint(N,1,0)) bsr (N - 2) =:= 2#11),
+    ?line strong_rand_aux_test(N-1).
 
 sru_length(Mpint) ->
     I = crypto:erlint(Mpint),
@@ -1126,7 +1126,7 @@ worker_loop(0, _) ->
     ok;
 worker_loop(N, Config) ->
     Funcs = { md5, md5_update, md5_mac, md5_mac_io, sha, sha_update, des_cbc,
-	      aes_cfb, aes_cbc, des_cbc_iter, rand_uniform_test, 
+	      aes_cfb, aes_cbc, des_cbc_iter, rand_uniform_test, strong_rand_test,
 	      rsa_verify_test, exor_test, rc4_test, rc4_stream_test, mod_exp_test },
 
     F = element(random:uniform(size(Funcs)),Funcs),
diff --git a/lib/crypto/vsn.mk b/lib/crypto/vsn.mk
index e2d6fd0b37..740c68d8fa 100644
--- a/lib/crypto/vsn.mk
+++ b/lib/crypto/vsn.mk
@@ -1 +1 @@
-CRYPTO_VSN = 2.0.2.1
+CRYPTO_VSN = 2.0.2.2
diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl
index ae89f31355..3f0a06575c 100755
--- a/lib/ssh/src/ssh_bits.erl
+++ b/lib/ssh/src/ssh_bits.erl
@@ -413,7 +413,7 @@ irandom(Bits) ->
 %%
 irandom(Bits, Top, Bottom) when is_integer(Top),
                                 0 =< Top, Top =< 2 ->
-    crypto:erlint(crypto:strong_rand_uniform(Bits, Top - 1, Bottom)).
+    crypto:erlint(crypto:strong_rand_mpint(Bits, Top - 1, Bottom)).
 
 %%
 %% random/1
-- 
cgit v1.2.3